(07-01-2025, 09:09 AM)rsthomas Wrote: Yep, all was well since Saturday afternoon -- until this afternoon when the server filled up again!
Looking at /var/log/syslog it appears I have been hacked by some maggots using me as their private email server.
If you don't mind, can I pick your brain again?
Mysql seems to still be running, as I haven't rebooted the server. Trying to run it tells me this: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO). Do I need to include the password somewhere in the command line?
1.) I expect there is a file on the server that is running the show. Any idea how I can locate it?
2.) It might be using a database table or text file to provide the addresses
3.) Is there a way I can delete the email log file in order to recover some space?
At any rate, things have settled down now since the hackers might be done for the day.
I can resize the hard drive to get the domains/sites to come up but unless I delete the script and/or email list file it will just fill up again. With your expert advice, hopefully I can delete the files that are causing the problem.
Thanks in advance for your help!
I'll check it out.
You can edit the large log file and delete its contents and save it. That's what I do when I'm testing.
Send me a PM with your hosting domain, and the domain you think is causing the problems.
If you have a site that has vulnerable code, they could be getting in that way.
If you have an older backup of your hostdata folder, you could try and compare the old one vs the new one and see what files are new or don't belong or what files are larger than they are supposed to be.
We had a similar issue happen with our docs site. A hacker was able to get in through an old no longer supported WYSIWYG editor. (Like the one on here with the bold, italic, etc.)
On another note, could you use a different editor for the log files you send me? Something like Notepad++?
I don't have a decent docx viewer/reader unfortunately.
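
The backup-versus-live comparison of the hostdata folder suggested in the reply above, sketched as an added example that is not part of the original thread or the hosting software. The function names and the sample tree are assumptions constructed for illustration; besides new and larger files it also flags files whose content changed without growing.

```python
import hashlib
import tempfile
from pathlib import Path


def index_tree(root):
    """Map each regular file's path (relative to root) to (size, sha256)."""
    out = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # skip directories, symlinks and special files
        data = path.read_bytes()  # fine for web roots; stream for huge files
        out[path.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return out


def compare_trees(backup_root, live_root):
    """Report files in live_root that are new, larger, or changed vs the backup."""
    old, cur = index_tree(backup_root), index_tree(live_root)
    report = {"new": [], "larger": [], "changed": []}
    for rel in sorted(cur):
        if rel not in old:
            report["new"].append(rel)  # not in the backup at all
        elif cur[rel][0] > old[rel][0]:
            report["larger"].append((rel, old[rel][0], cur[rel][0]))
        elif cur[rel][1] != old[rel][1]:
            report["changed"].append(rel)  # same or smaller size, different content
    return report


def demo():
    """Compare two small constructed trees (sample data, not from the thread)."""
    def write(root, rel, data):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            write(root, "site/index.php", b"<?php echo 'home'; ?>")
            write(root, "site/contact.php", b"<?php form(); ?>")
        write(live, "site/uploads/extra.php", b"constructed file absent from backup")
        write(live, "site/contact.php", b"<?php form(); ?> constructed appended data")
        write(live, "site/index.php", b"<?php echo 'HOME'; ?>")
        return compare_trees(backup, live)


if __name__ == "__main__":
    print(demo())
```

On a real server, point `compare_trees` at the restored backup copy and the live folder, and review the "new" entries first.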